Posted: Thu 04 Mar 2010, 12:04 Post_subject:
Sorry for Coming Across The Wrong WaySub_title: Full-explanation and follow-up to replies in body of post.

Hello again,

Let me first say that I'm sorry for just jumping-in this way that could have come across confrontational or troll-like. I had browsed the forum and read a number of posts for some time before finally registering now and was actually almost ready to post regarding dial-up and internal Winmodems when I got distracted and diverted--first by this password issue and then by a number of other things.

I realize that this practice of including the password in the registration email is not unique to this site and obviously does not pose the same risks as it would for a commerce site or the like, where sensitive information is exchanged.

Nonetheless, it does pose some concerns.

Someone with malicious intent toward a registered forum user could wreak quite a bit of mischief through impersonating him or her.

Another concern is that there will inevitably be some people who will register with the same password that they already use for one or more banking, commerce or other sites where sensitive data is involved.

snowshaker wrote:

Your password comes in the mail, and you change it right away.

Well, first of all, are you sure that the new one isn't emailed as well whenever one changes their password?

Assuming that's not a problem, what you suggest could very well be a satisfactory solution in many, if not most, cases-- assuming one receives as well as opens the email right away and sees the password in it.

But even then, a case where the same password was already protecting sensitive data at other sites could still pose a problem.

In any event, as I had noted, I have found it to be the exception rather than the rule for a site to email the password upon registration. I was therefore sincerely taken aback and wanted to see what others felt about this. This seemed like an appropriate section of the forum for such a discussion and I appreciate that people responded.

I hope people won't mind my asking about something else, while I'm at it.

It seems that by default, one's email address is displayed at the bottom of each post one makes. I only realized and changed this after posting. This is also different from the other forums I have experience with, where by default email addresses are not displayed and I would like to hear what others feel about this.

Thanks for your patience and indulgence and for all that so many of you do not only for Puppy but for the larger GNU/Linux and open source community/movement in general. (at least by extension)

FWIW, we aren't using SSL, so every time you login the password is sent over the network in plaintext. (Same goes for any other forum that doesn't use SSL to login).

I do agree that we probably shouldn't send those emails, and that the email should be not visible by default (though the first thing anybody should do upon registering for a forum is to enter their control panel and set their options)._________________Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib